really weird(?) DNS setup on linksys router running DD-WRT

D. Hugh Redelmeier hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org
Mon Sep 21 15:10:27 UTC 2009


| From: Robert P. J. Day <rpjday-L09J2beyid0N/H6P543EQg at public.gmane.org>

Context:

	The "resolver" is the name for the part of the library that
	allows programs to make DNS queries.  Typically part of glibc.
	For example, programs like Firefox use the resolver to map DNS
	names into IP addresses.  The resolver is configured by
	/etc/resolv.conf (which may be altered by the DHCP client).

	The "DNS server" is a program for maintaining the distributed
	database that is DNS.  One function of a DNS server is to
	answer queries from resolvers.  On UNIX systems it is usually
	called named; BIND (Berkeley Internet Name Daemon) is the
	classic implementation but there are others with certain
	advantages.  Typically configured by /etc/named.conf.

	All (or almost all) ISPs offer a DNS server for their
	customers to use so that those customers don't need to have
	their own DNS server.  There are a number of complaints on
	this list about various ISPs' name service.

|   took a look at a couple of the internal linux systems (call them
| 192.168.1.100 and 192.168.1.101), and their /etc/resolv.conf files
| read:
| 
|   nameserver 127.0.0.1
|   nameserver 192.168.1.1   (the router)

That tells the resolver to alternate asking the DNS server on the
machine itself and on the router.  (Alternating doesn't always accomplish
what you'd want.)

So there is likely a DNS server running on the machine itself.  That
server doesn't look at /etc/resolv.conf, it looks at /etc/named.conf
(if it is BIND, which it probably is).

Are you running BIND on one or both of the local machines?  If
neither, this should not work at all.  If only one, things get
confusing (with the alternation).  If on both, and correctly
configured, everything could work.

| ok, i thought, they'll try to access the router for DNS info.  but
| when i browsed over to the router, it was set up for DNS statically
| with the first two entries:
| 
|   192.168.1.100
|   192.168.1.101

That tells the router to use the local machines' DNS server.  Or more
accurately, to specify those as the IP addresses of DNS servers in
DHCP messages it serves (thus configuring /etc/resolv.conf in any
machine that listens).  It implies that both local machines are
running a DNS server.

| am i just confused?  that makes no sense to me.  the internal systems
| will consult the router for DNS, while the router turns around and
| consults the internal systems?  am i missing something here?
| shouldn't the router be set up to consult 3 *external* DNS servers, as
| supplied by whoever their network provider is?  or am i just being
| clueless?

On my home LAN, I run a DNS server (two, actually, but ignore that).
I've found that my ISP's DNS servers act up once in a blue moon and I
don't need one more mysterious problem.  My DHCP server tells its
clients to use my local server for DNS queries.

So the setup you observed isn't necessarily wrong.  You have observed
a problem, so you need to dig into the nameds running on each machine.

This stuff is quite intricate, partly because there are so many
choices of how to do many many parts of this.

If you care about DNSSec (and I think one should), things are getting
more complicated, with more failure modes.
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
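The forwarding arrangement discussed in this message (clients asking 127.0.0.1 and the router, the router handing out the clients' own DNS servers) can be checked for loops before digging into each named.conf. The following is an added example, not code from the original post: it models each host's resolv.conf and each server's known forwarders as a graph, reports any query path that comes back to a server already asked, and lists the servers whose upstreams are still unknown. The resolv.conf text, the `named@<host>` node names and the external address 203.0.113.53 used in the test are constructed assumptions.

```python
"""Added checker, not from the original post: models the DNS forwarding graph
described in the thread and reports loops plus servers whose upstreams are
still unknown (the named.conf files left to inspect)."""
from typing import Dict, List, Optional, Tuple

MAXNS = 3  # the glibc resolver honours at most three nameserver lines
CLIENTS = ["192.168.1.100", "192.168.1.101"]
ROUTER = "192.168.1.1"
# Constructed resolv.conf matching the post; text after the address is ignored.
RESOLV_CONF = "nameserver 127.0.0.1\nnameserver 192.168.1.1  # the router\n"
Graph = Dict[str, Optional[List[str]]]  # node -> upstreams, None if unknown

def parse_resolv_conf(text: str) -> List[str]:
    """Nameserver addresses a resolver would use, in file order."""
    servers = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers[:MAXNS]

def find_loops(graph: Graph) -> Tuple[List[List[str]], List[str]]:
    """Loops: query paths returning to a server already asked; unknown: nodes
    whose upstreams are missing from the model."""
    loops, seen = [], set()
    def walk(node: str, path: List[str]) -> None:
        if node in path:
            cycle = path[path.index(node):] + [node]
            if frozenset(cycle) not in seen:
                seen.add(frozenset(cycle))
                loops.append(cycle)
            return
        for up in graph.get(node) or []:
            walk(up, path + [node])
    for start in graph:
        walk(start, [])
    referenced = {up for ups in graph.values() for up in ups or []}
    unknown = sorted(n for n in referenced | set(graph) if graph.get(n) is None)
    return loops, unknown

def audit_lan(named_forwarders: Graph) -> Tuple[List[List[str]], List[str]]:
    """Graph from the post: 127.0.0.1 in a client's resolv.conf is that client's
    own DNS server ('named@<client>'); the router's static DNS entries point
    at those servers; each named's forwarders are supplied by the caller."""
    graph: Graph = {}
    for c in CLIENTS:
        graph[f"resolver@{c}"] = [f"named@{c}" if ns == "127.0.0.1" else ns
                                  for ns in parse_resolv_conf(RESOLV_CONF)]
    graph[ROUTER] = [f"named@{c}" for c in CLIENTS]
    graph.update(named_forwarders)
    return find_loops(graph)
```

With both named forwarders unknown the checker finds no loop and names the two named.conf files to inspect; if the named on 192.168.1.100 forwards back to the router, it reports the loop through 192.168.1.1.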